Tag: SAS Management Console

As mentioned in an earlier post, Duplicating or Copying SAS Access Control Templates, Metacoda Plug-ins 6.1 R3 also includes support for duplicating groups and roles in SAS metadata. This can be useful when you want to create a new group that is very similar to an existing group, or a role with a very similar set of capabilities as an existing role.

When working with SAS® 9 metadata security, I often want to create an Access Control Template (ACT) which is very similar to an existing ACT. It may be that it will have a similar definition or permission pattern. It will usually have the same access controls applied to it for its own protection. It might occasionally be applied to protect the same set of objects as the original ACT.

Duplicating or copying SAS metadata security objects, such as ACTs, users, groups, and roles, has been a common request from Metacoda customers too. For this reason we added duplication support in Metacoda Plug-ins 6.1 R3. In the ACT, User, Group, and Role Reviewer plug-ins you will find a new Duplicate… action in the the context menu seen when right-mouse clicking over an object. A pop-up dialog then gives you some options to control what is duplicated.

The ability to duplicate objects via this facility is limited to SAS administrators via membership of one the standard SAS metadata server roles (i.e. “Metadata Server: Unrestricted“, “Metadata Server: User Administration“, or “Metadata Server: Operation“). Of course you also need permission to view the object you are duplicating. Continue reading “Duplicating or Copying SAS Access Control Templates”

When you install Metacoda Custom Tasks for use in SAS® Enterprise Guide® and the SAS® Add-In for Microsoft Office you may find you don’t see the new menu items you expected in the Tools menu:

There are 2 main reasons why they may be missing: 1) the custom tasks could not be loaded, perhaps due to an issue during installation; and 2) you are not being granted access to the custom tasks due to your metadata roles and capabilities. The first issue is usually quite easy to resolve. This post is about the second scenario because it can be somewhat harder to troubleshoot.

Roles and capabilities are used in the SAS platform to control access to SAS application features such as menu items in SAS Enterprise Guide. In a new SAS platform installation the PUBLIC group (which includes everyone) is a member of the Enterprise Guide: Advanced role, and that role grants all capabilities for SAS Enterprise Guide. That means, by default, all users have access to all of the controllable features in SAS Enterprise Guide. Some SAS customers change this, as may be required for their security plan, by removing the PUBLIC group and replacing it with more appropriate groups for their environment, and perhaps create additional roles with the required capabilities. It is in this scenario where you may find your capability set is preventing access to the Metacoda Custom Tasks. Continue reading “Adding Metacoda Custom Tasks Capabilities for SAS Enterprise Guide”

Last year I posted some information about a new Metacoda Auth Domain Reviewer plug-in that was planned for Metacoda Plug-ins 6.1. That Auth Domain Reviewer is now available with the recent Metacoda Plug-ins 6.1 R1 release and you may notice that it looks a little different to the screenshots I posted back then … it now has a Libraries tab.

The Libraries tab as was added based on feedback we got during early access testing by customers. They told us they would like to be able to see, for a selected authentication domain, all of the SAS® software libraries registered in metadata that are associated with that auth domain. That sounded like a great idea so we added it!

Thanks to those customers that suggested it and please keep those suggestions coming!

Update 05Mar2019: The Metadata Auth Domain Reviewer discussed in this blog post is now available with the Metacoda Plug-ins 6.1 R1 release, and also includes a new Libraries tab based on feedback from customers during early-access testing.

One of the new Metacoda Security Plug-ins features arriving in version 6.1 is the Auth Domain Reviewer. Like the other reviewers, this plug-in is used for investigating, documenting and testing how a SAS metadata security feature has been used within a particular SAS platform deployment. When I’m reviewing metadata security for a SAS platform I like to look at it from several different perspectives and authentication domains is one of them. I like to see:

What authentication domains have been added beyond the initial DefaultAuth?

How have they been used with respect to inbound logins?

How have they been used with respect to outbound logins and providing shared credentials for database access?

How have they been used with respect to 3rd party database system connections?

Are there any unused ones, possibly added by accident, that can be cleaned up?